ARIN recovers 735,000 fraudulently obtained IPv4 addresses

Cisco: DNS attacks will undermine trust in the internetSophisticated hacking group taps wide set of vulnerabilities as part of their global hacking spree.

After some legal wrangling, the American Registry for Internet Numbers (ARIN) has reclaimed over 735,000 scarce IPv4 addresses that were fraudulently obtained by a businessman who is now facing wire-fraud charges in the US.

ARIN is the non-profit organization responsible for assigning IP addresses in the US, Canada and parts of the Caribbean. It doesn’t sell IP addresses but rather allocates them to members.

However, thanks to the scarcity of IPv4 addresses during the world’s transition to IPv6, there’s been a rise in attempts to fraudulently obtain IPv4 addresses from ARIN and then sell the rights to those addresses to others, according to ARIN.

The company and Golestan are accused of running a scheme that used 11 shelf companies with fake executives at each firm to obtain the IPv4 address.

Prosecutors handling the fraud case against Golestan estimate the total value of the IPv4 addresses he obtained is between about $10m and $14m, according to the criminal complaint obtained by Krebsonsecurity.

In 2017 and 2018, Golestan is alleged to have used a third-party broker to sell the addresses for $13 each. In one transaction 65,536 IPv4 addresses were sold for a total of $851,896, and in a second transaction 65,536 were sold for about a total of $1m. Golestan also allegedly sold 327,680 IP addresses at $19 per address for $6.2m.

The fraud case is the tail end of an odd sequence of events starting in December 2018, after ARIN had asked the 11 shelf companies to produce and explain their conduct, according to ARIN general counsel Stephen Ryan.

Instead of producing the requested documents, Micfo filed an arbitration against ARIN and simultaneously filed for a temporary restraining order against it in a federal court in Virginia. The restraining order was denied because Micfo wouldn’t produce documents about its customers.

Ryan notes it was “the first ever invocation of ARIN’s dispute resolution mechanism”.

“In both the federal court and arbitration, ARIN exposed an intricate multi-year scheme to fraudulently obtain resources from ARIN,” he wrote in a blogpost.

ARIN won the arbitration case on May 1, clearing it to revoke all IPv4 addresses held by the firms and winning an order for Micfo to pay ARIN $350,000 for its legal fees.

John Curran, ARIN president and CEO, said in a statement that the organization is stepping up its fight against fraud.

“Fraud will not be tolerated. The vast majority of organizations obtain their address space from ARIN in good faith according to the policies set out by the community,” said Curran.

“However, ARIN detected fraud as a result of internal due diligence processes, and took action to respond in this particularly egregious case.

“We are stepping up our efforts to actively investigate suspected cases of fraud against ARIN and will revoke resources and report unlawful activity to law enforcement whenever appropriate.”